RAR (Risk Assessment Report)


What is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report findings and

recommendations as a possible source for methods to remediate vulnerabilities.
Read this risk assessment resource to get familiar with the process, then prepare the risk assessment. Be sure to first list the threats, then the

vulnerabilities, and then pairwise comparisons for each threat and vulnerability, and determine the likelihood of that event occurring, and the level

of impact it would have on the organization. Use the OPM OIG Final Audit Report findings as a possible source for potential mitigations. Include this

in the risk assessment report (RAR).

Here is the additional information about the RAR
Prepare a Risk Assessment Report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact

assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation. Devise a high-level plan of action with

interim milestones (POAM), in a system methodology, to remedy your findings. Include this high-level plan in the RAR. Summarize the results you

obtained from the vulnerability assessment tools (i.e., MBSA and OpenVas) in your report.